Diffstat (limited to 'lass')
43 files changed, 1268 insertions, 649 deletions
diff --git a/lass/1systems/echelon.nix b/lass/1systems/echelon.nix index dc0ca0274..39af4a96f 100644 --- a/lass/1systems/echelon.nix +++ b/lass/1systems/echelon.nix @@ -13,7 +13,7 @@ in { ../2configs/realwallpaper-server.nix ../2configs/privoxy-retiolum.nix ../2configs/git.nix - ../2configs/redis.nix + #../2configs/redis.nix ../2configs/go.nix ../2configs/ircd.nix ../2configs/newsbot-js.nix diff --git a/lass/1systems/mors.nix b/lass/1systems/mors.nix index 7db3f8333..4ba9df6f9 100644 --- a/lass/1systems/mors.nix +++ b/lass/1systems/mors.nix @@ -18,10 +18,40 @@ ../2configs/chromium-patched.nix ../2configs/git.nix ../2configs/retiolum.nix - ../2configs/wordpress.nix + #../2configs/wordpress.nix ../2configs/bitlbee.nix ../2configs/firefoxPatched.nix ../2configs/skype.nix + ../2configs/teamviewer.nix + ../2configs/libvirt.nix + ../2configs/fetchWallpaper.nix + { + #risk of rain port + krebs.iptables.tables.filter.INPUT.rules = [ + { predicate = "-p tcp --dport 11100"; target = "ACCEPT"; } + ]; + } + { + #wordpress-test + #imports = singleton (sitesGenerators.createWordpress "testserver.de"); + imports = [ + ../3modules/wordpress_nginx.nix + ]; + lass.wordpress."testserver.de" = { + }; + + services.mysql = { + enable = true; + package = pkgs.mariadb; + rootPassword = "<secrets>/mysql_rootPassword"; + }; + networking.extraHosts = '' + 10.243.0.2 testserver.de + ''; + krebs.iptables.tables.filter.INPUT.rules = [ + { predicate = "-i retiolum -p tcp --dport 80"; target = "ACCEPT"; precedence = 9998; } + ]; + } ]; krebs.build.host = config.krebs.hosts.mors; diff --git a/lass/1systems/prism.nix b/lass/1systems/prism.nix index 87334c3c2..95c55533c 100644 --- a/lass/1systems/prism.nix +++ b/lass/1systems/prism.nix @@ -10,6 +10,8 @@ in { ../2configs/downloading.nix ../2configs/git.nix ../2configs/ts3.nix + ../2configs/bitlbee.nix + ../2configs/weechat.nix { users.extraGroups = { # ● systemd-tmpfiles-setup.service - Create Volatile Files and Directories 
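Review bot: In the mors.nix hunk, `rootPassword = "<secrets>/mysql_rootPassword";` is a plain string, so `<secrets>` is not resolved through the Nix search path the way `<secrets/mysql_rootPassword>` would be, and the mysql module receives the literal text. The new domsen.nix in this same commit writes `rootPassword = toString (<secrets/mysql_rootPassword>);`, and the mors block should use the same form so the option points at the real secret file. Separately, the `--dport 11100` rule accepts on every interface while the port-80 rule below it is limited to `-i retiolum`; if the game port is only needed on one network, scope it the same way.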
@@ -87,6 +89,50 @@ in { { nixpkgs.config.allowUnfree = true; } + { + #stuff for juhulian + users.extraUsers.juhulian = { + name = "juhulian"; + uid = 1339; + home = "/home/juhulian"; + group = "users"; + createHome = true; + useDefaultShell = true; + extraGroups = [ + ]; + openssh.authorizedKeys.keys = [ + "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDBQhLGvfv4hyQ/nqJGy1YgHXPSVl6igeWTroJSvAhUFgoh+rG+zvqY0EahKXNb3sq0/OYDCTJVuucc0hgCg7T2KqTqMtTb9EEkRmCFbD7F7DWZojCrh/an6sHneqT5eFvzAPZ8E5hup7oVQnj5P5M3I9keRHBWt1rq6q0IcOEhsFvne4qJc73aLASTJkxzlo5U8ju3JQOl6474ECuSn0lb1fTrQ/SR1NgF7jV11eBldkS8SHEB+2GXjn4Yrn+QUKOnDp+B85vZmVlJSI+7XR1/U/xIbtAjGTEmNwB6cTbBv9NCG9jloDDOZG4ZvzzHYrlBXjaigtQh2/4mrHoKa5eV juhulian@juhulian" + ]; + }; + krebs.iptables.tables.filter.INPUT.rules = [ + { predicate = "-p udp --dport 60000:61000"; target = "ACCEPT";} + ]; + } + { + environment.systemPackages = [ + pkgs.perlPackages.Plack + ]; + krebs.iptables.tables.filter.INPUT.rules = [ + { predicate = "-p tcp --dport 8080"; target = "ACCEPT";} + ]; + } + { + users.users.chat.openssh.authorizedKeys.keys = [ + "ssh-rsa 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 JuiceSSH" + ]; + } + { + time.timeZone = "Europe/Berlin"; + } + { + imports = [ + ../2configs/websites/wohnprojekt-rhh.de.nix + ../2configs/websites/domsen.nix + ]; + krebs.iptables.tables.filter.INPUT.rules = [ + { predicate = "-p tcp --dport 80"; target = "ACCEPT"; } + ]; + } ]; krebs.build.host = config.krebs.hosts.prism; diff --git a/lass/1systems/test-arch.nix b/lass/1systems/test-arch.nix deleted file mode 100644 index 0ab9da2f3..000000000 --- a/lass/1systems/test-arch.nix +++ /dev/null 
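Review bot: The three INPUT rules added in this prism.nix hunk (`--dport 60000:61000` udp, `--dport 8080` tcp, `--dport 80` tcp) accept from any interface and source, and only the first block carries a comment saying who it is for. Port 8080 is opened next to `pkgs.perlPackages.Plack` with no service definition visible in the hunk, so it looks like a development server reachable from outside; if it is meant for internal use, restrict it as mors.nix does, e.g. `-i retiolum -p tcp --dport 8080`. The raw `ssh-rsa` strings for juhulian and for `users.users.chat` also bypass the `config.krebs.users.<name>.pubkey` registry that base.nix and weechat.nix use, which makes later key rotation or removal easy to miss; a comment naming the owner and purpose of each key would help.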
@@ -1,36 +0,0 @@
-{ config, lib, pkgs, ... }:
-
-let
- inherit (import ../4lib { inherit pkgs lib; }) getDefaultGateway;
- inherit (lib) head;
-
-in {
- imports = [
- ../2configs/base.nix
- {
- boot.loader.grub = {
- device = "/dev/sda";
- splashImage = null;
- };
-
- boot.initrd.availableKernelModules = [
- "ata_piix"
- "vmw_pvscsi"
- ];
-
- fileSystems."/" = {
- device = "/dev/sda1";
- };
- }
- {
- networking.dhcpcd.allowInterfaces = [
- "enp*"
- ];
- }
- {
- sound.enable = false;
- }
- ];
-
- krebs.build.host = config.krebs.hosts.test-arch;
-}
diff --git a/lass/1systems/test-centos6.nix b/lass/1systems/test-centos6.nix
deleted file mode 100644
index 7270c2262..000000000
--- a/lass/1systems/test-centos6.nix
+++ /dev/null
@@ -1,30 +0,0 @@
-{ config, lib, pkgs, ... }:
-
-let
- inherit (import ../4lib { inherit pkgs lib; }) getDefaultGateway;
- inherit (lib) head;
-
- ip = "168.235.148.52";
-in {
- imports = [
- ../2configs/base.nix
- ../2configs/os-templates/CAC-CentOS-6.5-64bit.nix
- {
- networking.interfaces.enp11s0.ip4 = [
- {
- address = ip;
- prefixLength = 24;
- }
- ];
- networking.defaultGateway = getDefaultGateway ip;
- networking.nameservers = [
- "8.8.8.8"
- ];
- }
- {
- sound.enable = false;
- }
- ];
-
- krebs.build.host = config.krebs.hosts.test-centos6;
-}
diff --git a/lass/1systems/test-centos7.nix b/lass/1systems/test-centos7.nix
deleted file mode 100644
index 91bd3e0fe..000000000
--- a/lass/1systems/test-centos7.nix
+++ /dev/null
@@ -1,31 +0,0 @@ -{ config, lib, pkgs, ... }: - -let - inherit (import ../4lib { inherit pkgs lib; }) getDefaultGateway; - inherit (lib) head; - - ip = "168.235.145.85"; -in { - imports = [ - ../2configs/base.nix - ../2configs/os-templates/CAC-CentOS-7-64bit.nix - { - networking.interfaces.enp2s1.ip4 = [ - { - address = ip; - prefixLength = 24; - } - ]; - networking.defaultGateway = getDefaultGateway ip; - networking.nameservers = [ - "8.8.8.8" - ]; - - } - { - sound.enable = false; - } - ]; - - krebs.build.host = config.krebs.hosts.test-centos7; -} diff --git a/lass/2configs/base.nix b/lass/2configs/base.nix index 11bc4f089..40f4e12c7 100644 --- a/lass/2configs/base.nix +++ b/lass/2configs/base.nix @@ -17,6 +17,7 @@ with lib; root = { openssh.authorizedKeys.keys = [ config.krebs.users.lass.pubkey + config.krebs.users.uriel.pubkey ]; }; mainUser = { @@ -30,6 +31,7 @@ with lib; ]; openssh.authorizedKeys.keys = [ config.krebs.users.lass.pubkey + config.krebs.users.uriel.pubkey ]; }; }; @@ -48,7 +50,7 @@ with lib; source = { git.nixpkgs = { url = https://github.com/Lassulus/nixpkgs; - rev = "6d31e9b81dcd4ab927bb3dc91b612dd5abfa2f80"; + rev = "363c8430f1efad8b03d5feae6b3a4f2fe7b29251"; }; dir.secrets = { host = config.krebs.hosts.mors; @@ -92,6 +94,10 @@ with lib; most rxvt_unicode.terminfo + #monitoring tools + htop + iotop + #network iptables diff --git a/lass/2configs/baseX.nix b/lass/2configs/baseX.nix index 3be3676aa..4e46c18d2 100644 --- a/lass/2configs/baseX.nix +++ b/lass/2configs/baseX.nix @@ -5,7 +5,8 @@ let in { imports = [ ./base.nix - ./urxvt.nix + #./urxvt.nix + ./xserver ]; users.extraUsers.mainUser.extraGroups = [ "audio" ]; 
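Review bot: Adding `config.krebs.users.uriel.pubkey` to `root.openssh.authorizedKeys.keys` in base.nix (and to mainUser in the next hunk) gives that key root SSH access on every system that imports base.nix, not just one host. If uriel is a second device of the same person this is probably intended, but it deserves a comment such as `# uriel: second client key, grants root on all hosts importing base.nix`. Hosts that do not need it could add the key in their own 1systems file instead. The enclosing `users.extraUsers` block starts outside both hunks.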
@@ -34,38 +35,39 @@ in { sxiv much push + zathura #window manager stuff - haskellPackages.xmobar - haskellPackages.yeganesh - dmenu2 - xlibs.fontschumachermisc + #haskellPackages.xmobar + #haskellPackages.yeganesh + #dmenu2 + #xlibs.fontschumachermisc ]; - fonts.fonts = [ - pkgs.xlibs.fontschumachermisc - ]; - - services.xserver = { - enable = true; - - windowManager.xmonad.extraPackages = hspkgs: with hspkgs; [ - X11-xshape - ]; - windowManager.xmonad.enable = true; - windowManager.xmonad.enableContribAndExtras = true; - windowManager.default = "xmonad"; - desktopManager.default = "none"; - desktopManager.xterm.enable = false; - displayManager.slim.enable = true; - displayManager.auto.enable = true; - displayManager.auto.user = mainUser.name; - - layout = "us"; - xkbModel = "evdev"; - xkbVariant = "altgr-intl"; - xkbOptions = "caps:backspace"; - }; + #fonts.fonts = [ + # pkgs.xlibs.fontschumachermisc + #]; + + #services.xserver = { + # enable = true; + + # windowManager.xmonad.extraPackages = hspkgs: with hspkgs; [ + # X11-xshape + # ]; + # windowManager.xmonad.enable = true; + # windowManager.xmonad.enableContribAndExtras = true; + # windowManager.default = "xmonad"; + # desktopManager.default = "none"; + # desktopManager.xterm.enable = false; + # displayManager.slim.enable = true; + # displayManager.auto.enable = true; + # displayManager.auto.user = mainUser.name; + + # layout = "us"; + # xkbModel = "evdev"; + # xkbVariant = "altgr-intl"; + # xkbOptions = "caps:backspace"; + #}; services.logind.extraConfig = '' HandleLidSwitch=ignore diff --git a/lass/2configs/bitlbee.nix b/lass/2configs/bitlbee.nix index fa14c7fea..b23628dc5 100644 --- a/lass/2configs/bitlbee.nix +++ b/lass/2configs/bitlbee.nix 
@@ -1,16 +1,12 @@ { config, pkgs, ... }: -let - lpkgs = import ../5pkgs { inherit pkgs; }; -in { - - imports = [ - ../3modules/bitlbee.nix - ]; - - lass.bitlbee = { +{ + services.bitlbee = { enable = true; - bitlbeePkg = lpkgs.bitlbee; portNumber = 6666; + plugins = [ + pkgs.bitlbee-facebook + pkgs.bitlbee-steam + ]; }; } diff --git a/lass/2configs/browsers.nix b/lass/2configs/browsers.nix index 5a1857973..d36801863 100644 --- a/lass/2configs/browsers.nix +++ b/lass/2configs/browsers.nix @@ -1,8 +1,6 @@ { config, lib, pkgs, ... }: let - inherit (import ../4lib { inherit pkgs lib; }) simpleScript; - mainUser = config.users.extraUsers.mainUser; createChromiumUser = name: extraGroups: packages: { @@ -18,8 +16,8 @@ let ${mainUser.name} ALL=(${name}) NOPASSWD: ALL ''; environment.systemPackages = [ - (simpleScript name '' - sudo -u ${name} -i chromium $@ + (pkgs.writeScriptBin name '' + /var/setuid-wrappers/sudo -u ${name} -i chromium $@ '') ]; }; @@ -38,8 +36,8 @@ let ${mainUser.name} ALL=(${name}) NOPASSWD: ALL ''; environment.systemPackages = [ - (simpleScript name '' - sudo -u ${name} -i firefox $@ + (pkgs.writeScriptBin name '' + /var/setuid-wrappers/sudo -u ${name} -i firefox $@ '') ]; }; @@ -49,7 +47,7 @@ let in { environment.systemPackages = [ - (simpleScript "browser-select" '' + (pkgs.writeScriptBin "browser-select" '' BROWSER=$(echo -e "ff\ncr\nfb\ngm\nflash" | dmenu) $BROWSER $@ '') @@ -62,7 +60,7 @@ in { ( createChromiumUser "cr" [ "audio" ] [ pkgs.chromium ] ) ( createChromiumUser "fb" [ ] [ pkgs.chromium ] ) ( createChromiumUser "gm" [ ] [ pkgs.chromium ] ) - # ( createChromiumUser "flash" [ ] [ pkgs.flash ] ) + ( createChromiumUser "flash" [ ] [ pkgs.flash ] ) ]; nixpkgs.config.packageOverrides = pkgs : { diff --git a/lass/2configs/elster.nix b/lass/2configs/elster.nix index 1edd01896..e3a88c789 100644 --- a/lass/2configs/elster.nix +++ b/lass/2configs/elster.nix 
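Review bot: The wrapper scripts in browsers.nix expand `$@` unquoted (`/var/setuid-wrappers/sudo -u ${name} -i chromium $@`, the firefox twin, and `$BROWSER $@` in browser-select), so an argument containing spaces or glob characters such as `?` or `*` is split and pathname-expanded before it reaches the browser. These scripts are the `url-select` launcher configured in Xresources.nix, so they receive URLs taken from terminal output that the user did not type; write `"$@"` in all three places. `pkgs.writeScriptBin` also writes the text verbatim; whether the removed `simpleScript` helper added an interpreter line is not visible here, but the new scripts have none and depend on the caller falling back to `sh`, so adding `#! /bin/sh` as the first line would make that explicit.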
@@ -14,6 +14,9 @@ in { createHome = true; }; }; + krebs.per-user.elster.packages = [ + pkgs.chromium + ]; security.sudo.extraConfig = '' ${mainUser.name} ALL=(elster) NOPASSWD: ALL ''; diff --git a/lass/2configs/fetchWallpaper.nix b/lass/2configs/fetchWallpaper.nix new file mode 100644 index 000000000..9c27706cb --- /dev/null +++ b/lass/2configs/fetchWallpaper.nix @@ -0,0 +1,11 @@ +{ config, pkgs, ... }: + +let + +in { + krebs.fetchWallpaper = { + enable = true; + url = "echelon/wallpaper.png"; + }; +} + diff --git a/lass/2configs/git.nix b/lass/2configs/git.nix index 7e8fc03c7..16ecaefec 100644 --- a/lass/2configs/git.nix +++ b/lass/2configs/git.nix @@ -1,6 +1,6 @@ { config, lib, pkgs, ... }: -with import ../../tv/4lib { inherit lib pkgs; }; +with lib; let @@ -43,19 +43,19 @@ let collaborators = with config.krebs.users; [ tv makefu ]; }; } // - import /root/src/secrets/repos.nix { inherit config lib pkgs; } + import <secrets/repos.nix> { inherit config lib pkgs; } ); make-public-repo = name: { desc ? null, ... }: { inherit name desc; public = true; hooks = { - post-receive = git.irc-announce { + post-receive = pkgs.git-hooks.irc-announce { # TODO make nick = config.krebs.build.host.name the default nick = config.krebs.build.host.name; channel = "#retiolum"; server = "cd.retiolum"; - verbose = config.krebs.build.host.name == "echelon"; + verbose = config.krebs.build.host.name == "prism"; }; }; }; diff --git a/lass/2configs/go.nix b/lass/2configs/go.nix index 81a02ec7c..f4c2ac289 100644 --- a/lass/2configs/go.nix +++ b/lass/2configs/go.nix @@ -2,13 +2,10 @@ with lib; { - imports = [ - ../3modules/go.nix - ]; environment.systemPackages = [ pkgs.go ]; - lass.go = { + krebs.go = { enable = true; }; krebs.nginx = { diff --git a/lass/2configs/libvirt.nix b/lass/2configs/libvirt.nix new file mode 100644 index 000000000..368722e77 --- /dev/null +++ b/lass/2configs/libvirt.nix 
@@ -0,0 +1,22 @@ +{ config, pkgs, ... }: + +let + mainUser = config.users.extraUsers.mainUser; + +in { + virtualisation.libvirtd.enable = true; + + users.extraUsers = { + libvirt = { + uid = 358821352; # genid libvirt + description = "user for running libvirt stuff"; + home = "/home/libvirt"; + useDefaultShell = true; + extraGroups = [ "libvirtd" "audio" ]; + createHome = true; + }; + }; + security.sudo.extraConfig = '' + ${mainUser.name} ALL=(libvirt) NOPASSWD: ALL + ''; +} diff --git a/lass/2configs/mc.nix b/lass/2configs/mc.nix index 87880ed00..b7d5a4ceb 100644 --- a/lass/2configs/mc.nix +++ b/lass/2configs/mc.nix @@ -159,37 +159,25 @@ let ### Images ### - type/^GIF + shell/i/.gif Include=image - type/^JPEG + regex/i/\.jpe?g$ Include=image - type/^PC\ bitmap + shell/i/.bmp Include=image - type/^PNG + shell/i/.png Include=image - type/^JNG + shell/i/.jng Include=image - type/^MNG + shell/i/.mng Include=image - type/^TIFF - Include=image - - type/^PBM - Include=image - - type/^PGM - Include=image - - type/^PPM - Include=image - - type/^Netpbm + shell/i/.tiff Include=image shell/.ico @@ -283,7 +271,7 @@ let ### Documents ### # PDF - type/^PDF + shell/i/.pdf Open=zathura %f View=zathura %f diff --git a/lass/2configs/skype.nix b/lass/2configs/skype.nix index 7e4618a7b..6a226441b 100644 --- a/lass/2configs/skype.nix +++ b/lass/2configs/skype.nix @@ -4,10 +4,6 @@ let mainUser = config.users.extraUsers.mainUser; in { - imports = [ - ../3modules/per-user.nix - ]; - users.extraUsers = { skype = { name = "skype"; @@ -20,7 +16,7 @@ in { }; }; - lass.per-user.skype.packages = [ + krebs.per-user.skype.packages = [ pkgs.skype ]; diff --git a/lass/2configs/teamviewer.nix b/lass/2configs/teamviewer.nix new file mode 100644 index 000000000..48053d7db --- /dev/null +++ b/lass/2configs/teamviewer.nix @@ -0,0 +1,6 @@ +{ config, lib, pkgs, ... }: + +with lib; +{ + services.teamviewer.enable = true; +} 
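Review bot: In libvirt.nix the new `libvirt` user is placed in the `libvirtd` group, and `${mainUser.name} ALL=(libvirt) NOPASSWD: ALL` lets mainUser become it without a password. Access to the system libvirt daemon generally allows attaching host disks and devices to guests, so this is close to passwordless root for mainUser. If the separate account is meant as isolation, say so in a comment and note this limit, or narrow the sudo rule from `ALL` to the specific command that is needed.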
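Review bot: teamviewer.nix sets `services.teamviewer.enable = true` unconditionally, which keeps a remote-access daemon running on every boot of any host that imports it (mors in this commit). If it is only needed occasionally, consider leaving the service off by default and starting it by hand, or at least add a comment stating why it must be always on. The `with lib;` line is unused in this file and can go.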
diff --git a/lass/2configs/websites/domsen.nix b/lass/2configs/websites/domsen.nix
new file mode 100644
index 000000000..109c216c0
--- /dev/null
+++ b/lass/2configs/websites/domsen.nix
@@ -0,0 +1,35 @@
+{ config, pkgs, ... }:
+
+{
+ imports = [
+ ../../3modules/static_nginx.nix
+ ../../3modules/owncloud_nginx.nix
+ ../../3modules/wordpress_nginx.nix
+ ];
+
+ lass.staticPage = {
+ "karlaskop.de" = {};
+ "makeup.apanowicz.de" = {};
+ "pixelpocket.de" = {};
+ "reich-gebaeudereinigung.de" = {};
+ };
+
+ lass.owncloud = {
+ "o.ubikmedia.de" = {
+ instanceid = "oc8n8ddbftgh";
+ };
+ };
+
+ services.mysql = {
+ enable = true;
+ package = pkgs.mariadb;
+ rootPassword = toString (<secrets/mysql_rootPassword>);
+ };
+
+ #lass.wordpress = {
+ # "ubikmedia.de" = {
+ # };
+ #};
+
+}
+
diff --git a/lass/2configs/websites/wohnprojekt-rhh.de.nix b/lass/2configs/websites/wohnprojekt-rhh.de.nix
new file mode 100644
index 000000000..cd31450c5
--- /dev/null
+++ b/lass/2configs/websites/wohnprojekt-rhh.de.nix
@@ -0,0 +1,12 @@
+{ config, ... }:
+
+{
+ imports = [
+ ../../3modules/static_nginx.nix
+ ];
+
+ lass.staticPage = {
+ "wohnprojekt-rhh.de" = {};
+ };
+}
+
diff --git a/lass/2configs/weechat.nix b/lass/2configs/weechat.nix
index cfcc1a2f6..18007ed61 100644
--- a/lass/2configs/weechat.nix
+++ b/lass/2configs/weechat.nix
@@ -1,22 +1,37 @@ { config, lib, pkgs, ... }: -with lib; { - imports = [ - ../3modules/per-user.nix - ]; - - lass.per-user.chat.packages = [ + krebs.per-user.chat.packages = [ pkgs.weechat pkgs.tmux ]; users.extraUsers.chat = { home = "/home/chat"; + uid = 986764891; # genid chat useDefaultShell = true; createHome = true; - openssh.authorizedKeys.keys = map readFile [ - ../../krebs/Zpubkeys/lass.ssh.pub + openssh.authorizedKeys.keys = [ + config.krebs.users.lass.pubkey ]; }; + + #systemd.services.chat = { + # description = "chat environment setup"; + # after = [ "network.target" ]; + # wantedBy = [ "multi-user.target" ]; + + # path = with pkgs; [ + # weechat + # tmux + # ]; + + # restartIfChanged = true; + + # serviceConfig = { + # User = "chat"; + # Restart = "always"; + # ExecStart = "${pkgs.tmux}/bin/tmux new -s IM weechat"; + # }; + #}; } diff --git a/lass/2configs/xserver/Xresources.nix b/lass/2configs/xserver/Xresources.nix new file mode 100644 index 000000000..d52418897 --- /dev/null +++ b/lass/2configs/xserver/Xresources.nix @@ -0,0 +1,27 @@ +{ config, lib, pkgs, ... }: + +with lib; + +pkgs.writeText "Xresources" '' + URxvt*scrollBar: false + URxvt*urgentOnBell: true + URxvt*font: -*-clean-*-*-*-*-*-*-*-*-*-*-iso10646-* + URxvt*boldFont: -*-clean-*-*-*-*-*-*-*-*-*-*-iso10646-* + + ! ref https://github.com/muennich/urxvt-perls + URxvt.perl-lib: ${pkgs.urxvt_perls}/lib/urxvt/perl + URxvt.perl-ext-common: default,clipboard,url-select,keyboard-select + URxvt.url-select.launcher: browser-select + URxvt.url-select.underline: true + URxvt.keysym.M-u: perl:url-select:select_next + URxvt.keysym.M-Escape: perl:keyboard-select:activate + URxvt.keysym.M-s: perl:keyboard-select:search + + URxvt.intensityStyles: false + + URxvt*background: #000000 + URxvt*foreground: #ffffff + + !change unreadable blue + URxvt*color4: #268bd2 +'' diff --git a/lass/2configs/xserver/default.nix b/lass/2configs/xserver/default.nix new file mode 100644 index 000000000..da337f6a7 
--- /dev/null +++ b/lass/2configs/xserver/default.nix @@ -0,0 +1,160 @@ +{ config, lib, pkgs, ... }@args: + +with lib; + +let + # TODO krebs.build.user + user = config.users.users.mainUser; + + out = { + + services.xserver = { + |